My friend who joined Zoom via the acquisition said it’s abandoned, all future work is on Zoom, no plans to do anything other than bare minimum maintenance on the keybase systems. No surprise here. Bit of a shame though.
Edit: following up on this since i think it was slightly misleading -- this has always been Zoom's public opinion since they announced the acquisition. Their goal was always to integrate the Keybase technology into Zoom. See their blogpost for more https://blog.zoom.us/zoom-acquires-keybase-and-announces-goa...
It is being maintained and still actively used. The largest user, afaik, is Chia Network (https://www.chia.net) and they rely on that for the bulk of their internal and external community comms. If Zoom decides not to host the servers anymore I predict they will likely try to acquire it from Zoom or re-implement the server portion.
There is probably a profitable business to be built to implement an opensource version of the Keybase server that is backwards compatible with the client and then start charging enterprises a reasonable price for data storage and communications to host it in the cloud. Zoom is sitting on a potential gold mine and they are just letting it languish.
Hard disagree. A global identity network that has end-to-end encrypted chat that can be used for secure authentication in a variety of scenarios and allows users to exchange data is a much bigger market than video conferencing. If anything Zoom should be working on integrating Zoom video conferencing into the Keybase product.
The Chia community is much much larger than the number of employees working at Chia Network and the community is all on Keybase. At times Keybase has strained under the load from all the users. The #general channel has something close to 20,000 members last time I checked.
Agreed, file sharing via Keybase is a dream. It automatically creates an encrypted folder on my filesystem that is shared with the other party. Super convenient, I tried to evangelize it solely for this reason.
I popped over for a glance, as I have been seeing a need for something very similar.
pricing 5 GBP per month - I read over that 4 times and it kept becoming 5 GB in my head... might I suggest adding $7 US per month and $80 per year perhaps.
then I checked the terms and I saw UK law - which has fluctuated a lot with content that is okay and not okay.. and then the word "obscene" is in there.. and other stuff that makes me wish this was hosted elsewhere.
perhaps for an extra X$ one can choose to host an instance on other locations and avoid some of the uk things I dunno.
It always bugged me that the proof went on the profile itself and not on a mere comment like it does for other identities (Twitter → tweet, Reddit → a post in /r/KeybaseProofs etc).
The problem with doing this on HN is that you can’t delete or edit comments after a few hours, so there would be no way to remove the proof besides a reply to your own comment (which also doesn’t work once the thread is old enough to not allow comments)
What usually happens after M&A is if the acquired product isn't a profit-maker, they "integrate" it into other products and it goes into maintenance mode, eventually to be sunset. If the product did make money, they'd re-brand it and keep development going... unless they have plans to integrate the product's core feature into a larger corporate product (Zoom) that a separate branded product would compete against internally.
It seems like keybase has been eaten and absorbed into the Zoom app, and the rest will be flushed.
Are they not allowed to shift priorities as they grow? I'm sure there are many things you genuinely care for these days which wouldn't have been true a few years ago. It would be dismissive for me to assert you don't truly care about those things, would it not?
That's not fair. A lot of companies start off not caring about security because they just need to ship and grow. They add security later after they get owned or when they need to take on the type of customer that also genuinely care about security. Maybe they didn't care before and they care now. That's allowed.
I disagree. At this point, there's no real reason to just not care about security from day one.
There's a wealth of tools and docs, and users are becoming more and more conscious (which is fantastic, for the record!). There's the obvious ethics of keeping the data your users entrust you with safe to the best of your abilities, too.
There's a real reason to not care about security from day one... the competitor who doesn't care will beat you to market, and then you don't get a day 2.
Sorry, but the vast majority of people just don't care. Customers want a working product.
Yours is the only comment on this thread so far that mentions hashes. Care to explain what you mean by hashes in this context, and what benefit you think zoom would get from acquiring them?
They were acquired to appease investors/public relations during the explosive pandemic growth phase when a multitude of security issues were uncovered.
Likely easy enough for a client based on E2E encryption principles; the backend is in many ways a (fancy) dumb pipe. (It could still require complex infrastructure, but at least there'd be relative little "feature" code on the backend to be rewritten.)
FWIU, Cyph does Open Source E2E chat, files, and unlimited length social posts to circles or to public; but doesn't yet do encrypted git repos that can be solved with something like git-crypt.
https://github.com/cyph/cyph
It would be wasteful to throw away the Web of Trust (people with handles to keys) that everyone entered into Keybase. Hopefully, Zoom will consider opening up the remaining pieces of Keybase if not just spinning the product back out to a separate entity?
> There's also "Web Key Directory"; which hosts GPG keys over HTTPS from a .well-known URL for a given user@domain identifier: https://wiki.gnupg.org/WKD
> GPG presumes secure key distribution
> Compared to existing PGP/GPG keyservers [HKP], WKD does rely upon HTTPS.
Blockcerts can be signed when granted to a particular identity entity:
How do I specify the correct attributes of my schema.org/Person record (maybe on my JAMstack site) in order to approximate the list of identities that e.g. Keybase lets one register and refer to a cryptographic proof of?
Do I generate a W3C DID and claim my identities by listing them in a JSON-LD document signed with W3C ld-proofs (ld-signatures)? Which of the key directory and Web of Trust features of Keybase are covered by existing W3C spec Use Cases?
>> 2. Use Cases: Online shopper, Vehicle assemblies, Confidential Customer Engagement, Accessing Master Data of Entities, Transferable Skills Credentials, Cross-platform User-driven Sharing, Pseudonymous Work, Pseudonymity within a supply chain, Digital Permanent Resident Card, Importing retro toys, Public authority identity credentials (eIDAS), Correlation-controlled Services
> And then, IIUC W3C Verifiable Credentials / ld-proofs can be signed with W3C DID keys - that can also be generated or registered centrally, like hosted wallets or custody services. There are many Use Cases for Verifiable Credentials: https://www.w3.org/TR/vc-use-cases/ :
>> 3. User Needs: Education, Retail, Finance, Healthcare, Professional Credentials, Legal Identity, Devices
>> 4. User Tasks: Issue Claim, Assert Claim, Verify Claim, Store / Move Claim, Retrieve Claim, Revoke Claim
>> 5. Focal Use Cases: Citizenship by Parentage, Expert Dive Instructor, International Travel with Minor and Upgrade
>> 6. User Sequences: How a Verifiable Credential Might Be Created, How a Verifiable Credential Might Be Used
Is there an ACME-like thing to verify online identity control like Keybase still does?
Hopefully, Zoom will consider opening up the remaining pieces of Keybase if not just spinning the product back out to a separate entity?
> The last IETF draft for HKP also defines a distributed key server network, based on DNS SRV records: to find the key of someone@example.com, one can ask it by requesting example.com's key server.
> Keyserver examples: These are some keyservers that are often used for looking up keys with `gpg --recv-keys`.[6] These can be queried via https:// (HTTPS) or hkps:// (HKP over TLS) respectively:
keys.openpgp.org ,
pgp.mit.edu ,
keyring.debian.org ,
keyserver.ubuntu.com ,
> GpgSignature2020: A JSON-LD Document has been signed with GpgSignature2020, when it contains a proof field with type GpgSignature2020. The proof must contain a key signatureValue with value defined by the signing algorithm described here. Example:
Zoom must have had the craziest period of hyper-growth over the past 18 months. Not at all surprising that the Keybase engineering team would be focused on Zoom problems.
I would be really fascinated to read about acquisitions that led to actual explosion of the original product inside an organization and those that didn't, apparently like Keybase. Seems like there must be a financial metric where the purchase price should reflect that, or the size of the team divided by the purchase price would indicate something.
Can anyone get the "abandon proof" button to work in the profile in-browser if you want to remove something from your profile? I can't get it to work in Firefox and Edge for some reason.
Don't want to reset or delete the entire account for now, but I'd like to remove some stuff.
It is broken in the browser, but the desktop app is still able to revoke proofs (click your name in top left sidebar and pick edit profile from dropdown)
I don’t know if I believe in such a thing. Salesforce has done many acquisitions over the years, and they have ranged from acqui-hire to complete independence. Zoom has no such history, and I’m bummed about Keybase, but the next one could be 100% different.
What's special is the ability to publish cryptographic proofs on public social media profiles to link back to a central identity. You could say this person on Twitter, Facebook (discontinued), Github, HN, etc. is 100% the same person. Key provisioning and recovery becomes easy then when you setup multiple devices and your messages are available across mobile, laptop, desktop and across various operating systems. And it was all end-to-end encrypted.
I still use it regularly as well. There is definitely a thriving ecosystem of users on it, which tells me that it is providing real value to some people. Either someone is going to breathe new life into Keybase or someone is going to come along and build something similar to Keybase with better execution and be wildly successful.
The browser extension also gave you a way help verify as well as giving you the ability to send an encrypted DM which is more secure than most of these social platforms. (But had it caught on, it would not have been fun to deal with spam and moderation)
What's so special about Zoom? If Zoom fell off the face of the Earth, by the next day everybody would have switched to any of half a dozen nearly identical services, many of them older than Zoom. Within another couple of days, everybody would have stopped noticing the difference.
We've used Skype, GoToMeeting, Slack... and finally Zoom, and Zoom was the best quality video conferencing by far.
No echo, no sound+video synch issues, rarely any "breaking up"... they must've implemented some very nice tricks to make all these work even when we have meetings with people sitting in from several different countries.
Despite their security issues, it's not surprising they came to dominate the market: it was the only product that really worked.
It was a wonderfully user-friendly front end to GPG. I used it extensively with some non-technical clients to exchange credentials when they originally wanted to send them via email.
Edit: following up on this since i think it was slightly misleading -- this has always been Zoom's public opinion since they announced the acquisition. Their goal was always to integrate the Keybase technology into Zoom. See their blogpost for more https://blog.zoom.us/zoom-acquires-keybase-and-announces-goa...